Exposing it inside Internals was a hack. The downside of this CL is that heap
object tagging is in two places now (v8.h and globals.h).
BUG=v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic7115ab20d67109dd2b62c772d52eeb84fa7d9f7
Reviewed-on: https://chromium-review.googlesource.com/968423
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52093}
Embedded builtins are now based off the v8_enable_embedded_builtins
gn flag instead, which conditionally defines V8_EMBEDDED_BUILTINS.
Bug: v8:6666
Change-Id: I44d40d30fce3a3ed9bbf973d46c4990ba3fade40
Reviewed-on: https://chromium-review.googlesource.com/964361
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52092}
On {mips,mips64,ppc,s390}, target addresses are specially coded into
the instruction stream, i.e. split between a series of instructions.
This adds support for that case, similar to what happens with runtime
external references.
Bug: v8:6666,v8:7571
Change-Id: Ie6f62bc0ca3183f005d8380f6f8b908fa12ea62b
Reviewed-on: https://chromium-review.googlesource.com/970824
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52091}
Following CL [1], it is required to remove the thin_archive config
everywhere complete_static_lib is set.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/954344
BUG=chromium:801925
R=machenbach
Change-Id: Id75e06543545924771820500c53df3d5ee58774b
Reviewed-on: https://chromium-review.googlesource.com/972550
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52089}
This reverts commit 9afde91b94.
Reason for revert:
https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm/builds/6616
Original change's description:
> [builtins] Load external references from the external-reference-table
>
> Off-heap code cannot embed external references. With this CL, we load
> from the external reference table (reached through the root pointer)
> instead.
>
> In a follow-up, the table could be stored within the isolate itself,
> removing one more level of indirection.
>
> Bug: v8:6666
> Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> Reviewed-on: https://chromium-review.googlesource.com/970468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52073}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: Iecc2a68e54339e153f1d1e882d8972d5c9cff442
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/971902
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52083}
The new API supersedes the old `RegisterDefaultSignalHandler` and flag
combination. Now the embedder must explicitly call
`EnableWebAssemblyTrapHandler` to activate the trap handler and optionally
install the default signal handler. The old flag is now used only by D8 to
decide whether to call this function.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I05fbb2138138bfc95b14361aabd712db84789b4a
Reviewed-on: https://chromium-review.googlesource.com/963179
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52081}
This moves the Wasm-specific metadata from being fields on the
ArrayBuffer into a table managed by WasmMemoryTracker.
Bug: chromium:776273
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id8b050bfdfe0fbe9436fb055e92c08d503d3c2ba
Reviewed-on: https://chromium-review.googlesource.com/850550
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52080}
Previously a step-dependent reference was captured, which would not
exist anymore as soon as we change steps in async compilation. This fix
makes sure that we capture the pointer by copy, not by reference.
Change-Id: I7ff7e87b67b2fd379e6642d844a4c770cadf1f6c
Reviewed-on: https://chromium-review.googlesource.com/970964
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52079}
This was a bug found while working on https://crrev.com/c/850550
Change-Id: I92b04d1814e75f0a1817f8409496612a3597cd20
Reviewed-on: https://chromium-review.googlesource.com/966997
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52078}
Avoid loading to a general purpose register if the bit pattern consists
of a consecutive block of 1 bits.
Drive-by: Change a parameter from int8_t to byte such that the AVX_OP
macro works on these methods.
R=mstarzinger@chromium.org
Change-Id: Ib469ddd29d92ddeabe98460d2951b01159a6548a
Reviewed-on: https://chromium-review.googlesource.com/969123
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52077}
If FLAG_enable_embedded_constant_pool is false, the field for the
builtin index would alias the field for the constant pool offset in the
code object. This makes constant_pool() return the builtin index, but it
also makes set_constant_pool() override the builtin index (and vice
versa).
This CL fixes this by making all constant_pool accessors honor that
flag.
R=mstarzinger@chromium.org
Change-Id: I88803a4f28bd5a2fe85a310708c7a365cc457339
Reviewed-on: https://chromium-review.googlesource.com/970586
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52076}
Off-heap code cannot embed external references. With this CL, we load
from the external reference table (reached through the root pointer)
instead.
In a follow-up, the table could be stored within the isolate itself,
removing one more level of indirection.
Bug: v8:6666
Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
Reviewed-on: https://chromium-review.googlesource.com/970468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52073}
Part of ongoing work to remove the construct_stub field of the SFI.
Generate_InternalArrayConstructor was actually incorrect for packed
internal arrays, where it would instead create a regular internal array
because it loaded the constructor function from the context every time.
Ultimately InternalArray should be removed, or the constructor ported
to CSA in the meantime. But for now, it is off the critical path for
the construct_stub removal.
Also fix a bug: Runtime_NewArray expects a type_info parameter, which
should be in rbx (on x64). Because we now go through
JSBuiltinsConstructStubHelper first, rbx is loaded with a value that
doesn't look like a heap object, which causes a crash in NewArray.
Fix that by first loading undefined explicitly (which is what the
ArrayConstructor builtin does already).
Bug: v8:7503
Change-Id: Ic92fa8864b0af2d32200eb0176ba55ccff03b114
Reviewed-on: https://chromium-review.googlesource.com/970823
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52072}
src/base/debug/stack_trace_posix.cc: suppressed unused function warnings
for functions DemangleSymbols, OutputPointer(in order to compile with
-Werror flag)
test/cctest/test-isolate-independent-builtins.cc: corrections to make
ByteInText test case compatible with aix. (affects aix only)
Change-Id: I49e45e63545404c77aaed3f51b26557f6f03455e
Reviewed-on: https://chromium-review.googlesource.com/927484
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52071}
We currently never shrink the StringTable which causes excessive memory usage
on certain websites. This CL tries to mitigate this by shrinking the
StringTable if it is very empty (nof_elements * 16 < capacity) hopefully
avoiding costly reallocations.
Bug: chromium:818642, v8:5443
Change-Id: I4e6a95b3a6992b499fa6dd59ae159c51f089965a
Reviewed-on: https://chromium-review.googlesource.com/970465
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52070}
Loading external references from off-heap builtins will be
root-pointer-relative. At least initially, these loads will happen in
CSA and thus need access to the root pointer value.
Bug: v8:6666
Change-Id: Iae4c89061df442f5afd03f93e5ba35c4e125b850
Reviewed-on: https://chromium-review.googlesource.com/970264
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52069}
The embedders should use the EmbedderGraph API. The similar structure
can be created with the following steps:
1) Create a root node for each retainer info group.
2) Iterate all handles using Isolate::VisitHandlesWithClassIds.
3) Add an edge from the retainer info node to the v8 wrapper node.
4) Add an edge from the v8 wrapper node to the retainer info node.
See how HeapSnapshotRetainedObjectInfo is converted to the new API.
Bug: chromium:749490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I124ae3853354863b4f888e6aa2ea13777dcaa37d
Reviewed-on: https://chromium-review.googlesource.com/948842
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52067}
Port CallIndirect and CallRuntime methods. Also, implement methods
for allocation and deallocation of stack slots, which are used in
trace memory operations.
Bug: v8:6600
Change-Id: I99e0115dcf6d971229892b27b4b4f01d0c5441e8
Reviewed-on: https://chromium-review.googlesource.com/970262
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52065}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
Reviewed-on: https://chromium-review.googlesource.com/952452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52064}
This was removed in one of the branches during weak-refs work.
Bug: v8:7574
Change-Id: Id2a1af22b1150d8c888c117c023e8c78f532b9f2
Reviewed-on: https://chromium-review.googlesource.com/970702
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52061}
The embedders should use the new EmbedderGraph API to provide retainer
info.
Bug: chromium:749490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iac8dc1e749ef14277b027f43e799357c5bd413ea
Reviewed-on: https://chromium-review.googlesource.com/948489
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52059}
The MessageLoopBehavior might change over time: Sometimes we want to
wait because wasm background compilation is going on, sometimes we
don't. This makes the semaphore go out of sync with the task queue (we
always notify it when a new task is scheduled, but we only sometimes
wait on it).
Using a condition variable instead of a semaphore avoids this problem.
R=ahaas@chromium.org
Change-Id: Ib9850efc634f5988d3f824895b6566bd76475985
Reviewed-on: https://chromium-review.googlesource.com/969122
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52057}
In general, TurboFan doesn't encounter phi nodes with only a single
data input in the backend. However, CSA-based builtins (especially
auto-generated ones, e.g. from Torque), may contain single-input phi nodes,
although outside the auto-generated case this doesn't happen much in practice.
Single input phi nodes (i.e. phis in blocks with one predecessor) don't have
any side effects and are essentially useless and harmless, but to avoid problems
in the backend of TurboFan (whose SSA deconstruction disallows control flow
splits that continue to blocks with phis), this CL tweaks the existing
CSA-only control flow and graph sanitization in the CSA path to ensure
no no-op phis.
Change-Id: I109f4dc6cde5ad1794585a09609a230b1848e0d5
Reviewed-on: https://chromium-review.googlesource.com/963711
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52056}
This is a reland of 40d66d8bf8
The fix disambiguates duplicate symbols in the generated embedded
builtins file.
Original change's description:
> [build] Make separate snapshot for trusted variant
>
> This enables side-by-side snapshots with and without untrusted-code
> mitigations. It'll be the default in all V8 stand-alone builds
> with external startup data. Internal snapshots are not supported.
>
> The files snapshot_blob.bin and snapshot_blob_trusted.bin will be
> bundled with V8 on swarming and the correct file is loaded dependent
> on the --untrusted-code-mitigations runtime flag.
>
> Likewise we embed two snapshots for builtins.
>
> Side-by-side snapshots won't be supported in Chromium.
>
> Bug: v8:7441
> Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524
> Reviewed-on: https://chromium-review.googlesource.com/960004
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52028}
Bug: v8:7441
Change-Id: I626171d4e07389f0453b4d0a698e2772fd37e8c5
Reviewed-on: https://chromium-review.googlesource.com/968623
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52055}
This adds support to get or set globals of all the standard types (i32,
i64, f32, f64).
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie8d14d3d964e2abe3f19945a0e80b0e8462e9485
Reviewed-on: https://chromium-review.googlesource.com/969262
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52054}
Adds a new space RO_SPACE and modifies the serializer and other machinery
to support it.
Currently RO_SPACE has nothing in it, but will eventually contain all the
immovable immutable objects, so the GC can ignore it.
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib2ff474699196c138df8c24f7a2248471e30fbac
Reviewed-on: https://chromium-review.googlesource.com/925703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52053}
It was stored in a shared_ptr so far, which makes it more difficult to
reason about life times. Since there is always exactly one owner of the
AsyncCompileJob, a unique_ptr actually suffices.
R=ahaas@chromium.org
Change-Id: If94c9091889ad05325c559a97e9a9ffeee8d450c
Reviewed-on: https://chromium-review.googlesource.com/968604
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52052}
This adds support for the f32.abs and f64.abs opcodes.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I05a16bb4301d492ba8d22a6326c7b2ce0f9f2faa
Reviewed-on: https://chromium-review.googlesource.com/968502
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52051}
Also unskip test that has already been fixed in f1b1ec7.
R=jgruber@chromium.org
Bug: v8:178
Change-Id: I9cd2156ef41146b0dd58a974088726f5cbda8058
Reviewed-on: https://chromium-review.googlesource.com/970243
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52050}
In order to remove the construct_stub field of the SFI we need all
construct stubs to be the same, and do any branching at runtime
instead. For builtins we don't need to set the construct stub because
the builtins construct stub will call into it for us.
There should only be two builtins left without the builtins construct
stub: Array and InternalArray, which are special cases that need to
be dealt with in another CL.
Bug: v8:7503
Change-Id: If0d419399a9ee22c09cf2a5a3d3dbea7a04dee77
Reviewed-on: https://chromium-review.googlesource.com/968862
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52046}
This reverts commit 46a3c77201.
Reason for revert: This is actually not quite ready. What we need is a speculation free poisoning, and if we do another branch, then I think that won't happen.
Original change's description:
> [turbofan] Masking/poisoning in codegen (optimized code, mips & mips64)
>
> This introduces masking of loads with speculation bit during code generation.
> At the moment, this is done only under the
> --branch-load-poisoning flag, and this CL enlarges the set of supported
> platforms from {x64, arm, arm64} to {x64, arm, arm64, mips, mips64}.
>
> Overview of changes:
> - new register configuration configuration with one register reserved for
> the speculation poison/mask (kSpeculationPoisonRegister).
> - in codegen, we introduce an update to the poison register at the starts
> of all successors of branches (and deopts) that are marked as safety
> branches (deopts).
> - in memory optimizer, we lower all field and element loads to PoisonedLoads.
> - poisoned loads are then masked in codegen with the poison register.
> * only integer loads are masked at the moment.
>
> Bug: chromium:798964
> Change-Id: I211395b8305ed0ad9288d6da48fa159fa970c827
> Reviewed-on: https://chromium-review.googlesource.com/951382
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Cr-Commit-Position: refs/heads/master@{#52042}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,ivica.bogosavljevic@mips.com
Change-Id: Ief4d9ef56d918172f0b545d321a64b1ab5b46915
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/969041
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52045}
Synchronous compilation currently continues creating new tasks even
though compilation has already failed. This stops the creation of
new background tasks and makes sure that the background task manager
in the CompilationState is not canceled twice.
Change-Id: Ic4c55275ff70e7eca901ad357253f81aa8e2e8e1
Reviewed-on: https://chromium-review.googlesource.com/968781
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52044}
